Inside App Extensions: Apple, Inc's new Widgets & Keyboards similar to Android's, but secure

Comments

  • Reply 41 of 66
    droidftw Posts: 1,009 member
    Quote:
    Originally Posted by Corrections View Post

    Really, pick a new god, as Google is simply a joke at this point. 

     

    Ooookay then, I think we're done here.  Glad to see this has ended up as pointless as every other conversation we've had.  :rolleyes:

     

    Quote:
    Originally Posted by Benjamin Frost View Post



    I think that that permissions window is equally bad. What does 'uses account' mean? Are you handing over your account password, your name, your address, your phone number or what?

     

    Here ya go, straight from the horse's mouth.

     

    https://support.google.com/googleplay/answer/6014972?p=app_permissions

  • Reply 42 of 66
    benjamin frost Posts: 7,203 member
    droidftw wrote: »
    Really, pick a new god, as Google is simply a joke at this point. 

    Ooookay then, I think we're done here.  Glad to see this has ended up as pointless as every other conversation we've had.  :rolleyes:
    I think that that permissions window is equally bad. What does 'uses account' mean? Are you handing over your account password, your name, your address, your phone number or what?

    Here ya go, straight from the horse's mouth.

    https://support.google.com/googleplay/answer/6014972?p=app_permissions

    From Google:

    An app can use your account and/or profile information on your device.

    Identity access may include the ability to:

    Find accounts on the device
    Read your own contact card (example: name and contact information)
    Modify your own contact card
    Add or remove accounts

    Why would anyone want to give an app permission to add or remove accounts?

    Incredible!
  • Reply 43 of 66
    droidftw Posts: 1,009 member
    Quote:

    Originally Posted by Benjamin Frost View Post



    Why would anyone want to give an app permission to add or remove accounts?

     

    Example, I am okay with the Dropbox app adding or removing a Dropbox account from my phone.

  • Reply 44 of 66
    philboogie Posts: 7,675 member

    From Google:

    Add or remove accounts

    Why would anyone want to give an app permission to add or remove accounts?

    Incredible!

    THAT has to be the most stupidly worded info on app permissions I've ever seen.
    droidftw wrote: »
    Example, I am okay with the Dropbox app adding or removing a Dropbox account from my phone.

    To me, that's not a logical answer. Does this mean that when Dropbox sees someone created a 2nd account from the same IP address they'll delete the old one? Or deny the 2nd one? WTF? This cannot be an answer on any level of stupidity. Not you sir, the "Add or remove accounts" statement from Google.
  • Reply 45 of 66
    benjamin frost Posts: 7,203 member
    droidftw wrote: »
    Why would anyone want to give an app permission to add or remove accounts?

    Example, I am okay with the Dropbox app adding or removing a Dropbox account from my phone.

    No. I would presume it means your main user account. This is a generic phone setting, not a specific app setting. It's extremely badly worded, as are the other permission settings.
  • Reply 46 of 66
    droidftw Posts: 1,009 member

    Quote:


    Originally Posted by PhilBoogie View Post





    THAT has to be the most stupidly worded info on app permissions I've ever seen.

    To me, that's not a logical answer. Does this mean that when Dropbox sees someone created a 2nd account from the same IP address they'll delete the old one? Or deny the 2nd one? WTF? This cannot be an answer on any level of stupidity. Not you sir, the "Add or remove accounts" statement from Google.

     

    If you try to create a second Dropbox account on a device that has one already you will get denied.  You have to remove the existing account first in order to create a different one.

     

    Quote:
    Originally Posted by Benjamin Frost View Post





    No. I would presume it means your main user account. This is a generic phone setting, not a specific app setting. It's extremely badly worded, as are the other permission settings.

     

    You would presume wrong.  Here's a screenshot from my phone if that helps.  It shows a few accounts that are set up on my phone, including Dropbox.

     

  • Reply 47 of 66
    benjamin frost Posts: 7,203 member
    Quote:

    Originally Posted by DroidFTW View Post

     

    Quote:


    Originally Posted by PhilBoogie View Post





    THAT has to be the most stupidly worded info on app permissions I've ever seen.

    To me, that's not a logical answer. Does this mean that when Dropbox sees someone created a 2nd account from the same IP address they'll delete the old one? Or deny the 2nd one? WTF? This cannot be an answer on any level of stupidity. Not you sir, the "Add or remove accounts" statement from Google.

     

    If you try to create a second Dropbox account on a device that has one already you will get denied.  You have to remove the existing account first in order to create a different one.

     

    Quote:
    Originally Posted by Benjamin Frost View Post





    No. I would presume it means your main user account. This is a generic phone setting, not a specific app setting. It's extremely badly worded, as are the other permission settings.

     

    You would presume wrong.  Here's a screenshot from my phone if that helps.  It shows a few accounts that are set up on my phone, including Dropbox.

     


     

     

    You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

  • Reply 48 of 66
    philboogie Posts: 7,675 member
    You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

    I agree; this is completely not a complete answer, just like Android:

    Identity access may include the ability to:

    Find accounts on the device
    Read your own contact card (example: name and contact information)
    Modify your own contact card
    Add or remove accounts

    Utterly incomplete. Tells me nothing. What does "may include the ability to" mean? Gsus, what a moronic horse that is!
  • Reply 49 of 66
    droidftw Posts: 1,009 member
    Quote:
    Originally Posted by Benjamin Frost View Post


    You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

     

    I fail to see what's ambiguous and mystifying about saying that an app may add/remove accounts to describe the act of adding and removing accounts, but maybe it's just me.  In just this small thread we have you, who would prefer more detail, and Daniel, who finds the permission page so complicated that he feels that it reads like an EULA and requires an engineer or tech enthusiast to make sense of it.  Clearly there’s no way to appease everyone.

     

    On your concern that the request could be talking about any account, let me paint a worst case scenario for you that will even include issues you hadn’t even thought to be concerned about!  Let’s say a malicious app made it thru Google’s vetting process (Bouncer) and made it into the Play Store.  Let’s also say that it’s not yet been detected as known malicious apps get removed quickly.  Let’s also say that the app presents itself as an app that would only like to read your contact card to get your name.  The fact that the add/remove accounts is included in the “Identity” section comes as a bonus and they can now use the API which lets them add/remove accounts without it ever being obvious to the end user.  Now let’s say that the app passes the second malware scanner performed by Google Play Services that happens when a user installs an app.  Now let’s say that the app has found a way to access memory on the device that the OS doesn’t allow (this is possible if the user has rooted their device).  Now let’s say that the app is able to acquire root access without SuperSU (a superuser access management tool) detecting that an app is requesting root access.

     

    Still following?  I’ve now created the perfect storm of events that has to happen to lead up to this moment.  I'm likely missing a security check or two, but let's say that the app was able to bypass those as well and now the havoc you’re concerned about can be realized.  The app removes my Dropbox account on my phone.  Mind you, this doesn’t affect the files or anything about my Dropbox account, it just means my phone can no longer access my Dropbox account until I set it back up again.  This imaginary malware that you’re concerned about has set the user back at least 90 seconds while they create the account again and log in to their Dropbox.  What has the developer of this malicious code accomplished?  They’ve served to annoy the end user, nothing more, nothing less.  They gained no valuable data and nothing of value was lost.

     

    Quote:
    Originally Posted by PhilBoogie View Post





    I agree; this is completely not a complete answer, just like Android:



    Identity access may include the ability to:



    Find accounts on the device

    Read your own contact card (example: name and contact information)

    Modify your own contact card

    Add or remove accounts




    Utterly incomplete. Tells me nothing. What does "may include the ability to" mean? Gsus, what a moronic horse that is!

     

    See my first paragraph in my response to Benjamin regarding levels of detail.  Google can't please everyone. 

     

    As to your question, "What does "may include the ability to" mean?" that's referring to the fact that an app intends on using one or more of those listed items.  For example, an app may only want to read your name from your contact card without containing any code to provide the capability to modify it.

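Added example (not part of the thread and not any poster's code): reply 49 says an app shown with "Identity" access may use only one of the listed abilities, and that the others come along with the group. The sketch below reads constructed AndroidManifest.xml text, lists which Identity abilities an app declares, and reports abilities an update adds inside the same group. The permission-name mapping, the package name and both manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the Play Store "Identity" wording quoted in the thread
# to the Android permission names of that era (not taken from the page).
IDENTITY_GROUP = {
    "android.permission.GET_ACCOUNTS": "Find accounts on the device",
    "android.permission.READ_PROFILE": "Read your own contact card",
    "android.permission.WRITE_PROFILE": "Modify your own contact card",
    "android.permission.MANAGE_ACCOUNTS": "Add or remove accounts",
}

# Constructed manifests for a hypothetical app: version 1 only reads the
# contact card, version 2 additionally asks to add or remove accounts.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.namereader">
  <uses-permission android:name="android.permission.READ_PROFILE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

MANIFEST_V2 = MANIFEST_V1.replace(
    "</manifest>",
    '  <uses-permission android:name="android.permission.MANAGE_ACCOUNTS"/>\n'
    "</manifest>",
)


def declared_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def identity_abilities(manifest_xml):
    """List the Identity-group abilities this manifest actually requests."""
    declared = declared_permissions(manifest_xml)
    return [label for perm, label in IDENTITY_GROUP.items() if perm in declared]


def added_within_identity(old_xml, new_xml):
    """Abilities an update adds inside the Identity group the user already saw."""
    before = set(identity_abilities(old_xml))
    return [a for a in identity_abilities(new_xml) if a not in before]


if __name__ == "__main__":
    print("v1 requests:", identity_abilities(MANIFEST_V1))
    print("v2 adds within Identity:", added_within_identity(MANIFEST_V1, MANIFEST_V2))
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before a parser like this can read it.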
  • Reply 50 of 66
    benjamin frost Posts: 7,203 member
    droidftw wrote: »
    You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

    I fail to see what's ambiguous and mystifying about saying that an app may add/remove accounts to describe the act of adding and removing accounts, but maybe it's just me.  In just this small thread we have you, who would prefer more detail, and Daniel, who finds the permission page so complicated that he feels that it reads like an EULA and requires an engineer or tech enthusiast to make sense of it.  Clearly there’s no way to appease everyone.

    On your concern that the request could be talking about any account, let me paint a worst case scenario for you that will even include issues you hadn’t even thought to be concerned about!  Let’s say a malicious app made it thru Google’s vetting process (Bouncer) and made it into the Play Store.  Let’s also say that it’s not yet been detected as known malicious apps get removed quickly.  Let’s also say that the app presents itself as an app that would only like to read your contact card to get your name.  The fact that the add/remove accounts is included in the “Identity” section comes as a bonus and they can now use the API which lets them add/remove accounts without it ever being obvious to the end user.  Now let’s say that the app passes the second malware scanner performed by Google Play Services that happens when a user installs an app.  Now let’s say that the app has found a way to access memory on the device that the OS doesn’t allow (this is possible if the user has rooted their device).  Now let’s say that the app is able to acquire root access without SuperSU (a superuser access management tool) detecting that an app is requesting root access.

    Still following?  I’ve now created the perfect storm of events that has to happen to lead up to this moment.  I'm likely missing a security check or two, but let's say that the app was able to bypass those as well and now the havoc you’re concerned about can be realized.  The app removes my Dropbox account on my phone.  Mind you, this doesn’t affect the files or anything about my Dropbox account, it just means my phone can no longer access my Dropbox account until I set it back up again.  This imaginary malware that you’re concerned about has set the user back at least 90 seconds while they create the account again and log in to their Dropbox.  What has the developer of this malicious code accomplished?  They’ve served to annoy the end user, nothing more, nothing less.  They gained no valuable data and nothing of value was lost.
    philboogie wrote: »
    I agree; this is completely not a complete answer, just like Android:

    Identity access may include the ability to:


    Find accounts on the device

    Read your own contact card (example: name and contact information)

    Modify your own contact card

    Add or remove accounts



    Utterly incomplete. Tells me nothing. What does "may include the ability to" mean? Gsus, what a moronic horse that is!

    See my first paragraph in my response to Benjamin regarding levels of detail.  Google can't please everyone. 

    As to your question, "What does "may include the ability to" mean?" that's referring to the fact that an app intends on using one or more of those listed items.  For example, an app may only want to read your name from your contact card without containing any code to provide the capability to modify it.

    You're not looking at this through a layman's eyes, but through the eyes of a geek.

    There is no way to grant permissions to modify accounts on an Apple device. If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

    It's no good giving a long account of how no real harm can come to your Android phone. If Apple introduced such a shoddy permissions window, it would badly damage their reputation. Google can get away with it because they are held to a low standard.
  • Reply 51 of 66
    droidftw Posts: 1,009 member
    Quote:
    Originally Posted by Benjamin Frost View Post



    If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

     

    Now that's scary!  No wonder you're so concerned for Android and its users, you're applying Apple's way of doing things to Android's way of doing things.  They're two different operating systems and should be treated as such.  Just because someone can wreak havoc on an iPhone by removing an account doesn't mean that same rule applies to Android.  Removing an account is a pretty harmless task on Android.  I was hoping my previous post would have cleared that up, but apparently it didn't.

  • Reply 52 of 66
    tallest skil Posts: 43,388 member
    Originally Posted by DroidFTW View Post

    Theyre two different operating systems


  • Reply 53 of 66
    droidftw wrote: »
    If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

    Now that's scary!  No wonder you're so concerned for Android and its users, you're applying Apple's way of doing things to Android's way of doing things.  They're two different operating systems and should be treated as such.  Just because someone can wreak havoc on an iPhone by removing an account doesn't mean that same rule applies to Android.  Removing an account is a pretty harmless task on Android.  I was hoping my previous post would have cleared that up, but apparently it didn't.

    You mean to say that you can't wipe an Android phone? Nice for thieves.
  • Reply 54 of 66
    singularity Posts: 1,328 member
    droidftw wrote: »
    If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

    Now that's scary!  No wonder you're so concerned for Android and its users, you're applying Apple's way of doing things to Android's way of doing things.  They're two different operating systems and should be treated as such.  Just because someone can wreak havoc on an iPhone by removing an account doesn't mean that same rule applies to Android.  Removing an account is a pretty harmless task on Android.  I was hoping my previous post would have cleared that up, but apparently it didn't.

    You mean to say that you can't wipe an Android phone? Nice for thieves.
    Yes, you can wipe an Android phone. You can also add a second account, so you have a device with two accounts if you so wish.
  • Reply 55 of 66
    droidftw Posts: 1,009 member
    Quote:
    Originally Posted by Benjamin Frost View Post



    You mean to say that you can't wipe an Android phone? Nice for thieves.

     

    I'm not sure how you read that from what I posted (I suspect you're trolling at this point), but you can absolutely wipe an Android phone by doing a factory reset.  However, on Android that is a completely separate task from removing an account.  They're not related at all.

  • Reply 56 of 66
    dasanman69 Posts: 13,002 member
    Yes, you can wipe an Android phone. You can also add a second account, so you have a device with two accounts if you so wish.

    droidftw wrote: »
    I'm not sure how you read that from what I posted (I suspect you're trolling at this point), but you can absolutely wipe an Android phone by doing a factory reset.  However, on Android that is a completely separate task from removing an account.  They're not related at all.

    I guess you haven't read this.

    http://www.cnet.com/news/android-phone-wiping-fails-to-delete-personal-data/
  • Reply 57 of 66
    droidftw Posts: 1,009 member
    dasanman69 wrote: »
    While I hadn't read that article I can't say that any of the information in it is new to me. Wiping a phone to give yourself a fresh start or to install a custom ROM and wiping your phone for resale have very different requirements. If one wants to sell any device it's a best practice to overwrite the drive with dummy bits to prevent the recovery of files.

    Want to know if a device you just wiped actually rewrote over the data or just removed the pointers to it? You can tell by timing the process. It takes a non-negligible amount of time to overwrite all the bits on today's drives (due to their size). If your factory reset only took 2-10 minutes, there's likely old files that can still be recovered thru the use of forensic tools. Did the reset take 45-90 minutes? Then you're probably safe to sell that device.
  • Reply 58 of 66
    dasanman69 Posts: 13,002 member
    droidftw wrote: »
    While I hadn't read that article I can't say that any of the information in it is new to me. Wiping a phone to give yourself a fresh start or to install a custom ROM and wiping your phone for resale have very different requirements. If one wants to sell any device it's a best practice to overwrite the drive with dummy bits to prevent the recovery of files.

    How does one do a DoD wipe on a phone?
  • Reply 59 of 66
    droidftw Posts: 1,009 member
    dasanman69 wrote: »
    How does one do a DoD wipe on a phone?
    On an Android phone? When I had to do one I used ADB (Android Debug Bridge).
  • Reply 60 of 66
    dasanman69 Posts: 13,002 member
    droidftw wrote: »
    On an Android phone? When I had to do one I used ADB (Android Debug Bridge).

    That's something that the average user knows nothing about.